How to make your own encrypted VPN server in 15 minutes

The best encrypted VPN is one that you have set up and secured yourself.

Romain Dillet 

September 30, 2024 

Image Credits: Bryce Durbin / TechCrunch

You may have seen plenty of online ads
about paid VPN services. However, as we
explained in a previous article, it's not a
good idea to tunnel all your internet traffic
through a VPN service.

Unlike what they say on their websites, 
VPN companies usually don't care about 
protecting your privacy. These companies 
get to see all your web browsing history as 
they handle your internet traffic and DNS 
requests. They sometimes even keep logs 
of your IP address and connection history, 
which means that they could potentially 
hand this data over to authorities, or it 
could be stolen by cybercriminals. 

In most cases, you don't need to enable a 
VPN connection before browsing the web 
as nearly all websites are delivered to your 
browser over a secure and encrypted 
connection (called HTTPS). 

But VPNs can be useful from time to time,
depending on your risk profile, also known
as a threat model. Sometimes you can't
access a website from a public network
because it's blocked. Or you could be
traveling to a country where the content
you want to access, such as the news or
music- and video-streaming services,
isn't available. In those cases, it's all
about minimizing the risk while you use a
VPN.

That's why we are going to highlight a few 
different methods to set up your own 
encrypted VPN server at home or in a data 
center near you. 


Easy: Run Tailscale on a spare home computer

Tailscale makes it easy to create a virtual
network and connect all your devices to
that network. Tailscale is built on top
of WireGuard, a rock-solid open source
VPN protocol that works on pretty much
any device.

There are plenty of use cases for Tailscale.
Developers use it for accessing remote
servers. Companies use it so that
employees can access all kinds of
corporate services even when they're not
in the office. In our case, we're going to
use it as an alternative to a VPN service
that lets you encrypt and redirect all your
internet traffic.

If you have a computer that is always 
running at home, or an old laptop that you 
no longer use, download and install 
Tailscale on that device. The Tailscale app 
is available for both Windows and macOS. 
(It's also available on Linux using the 
terminal.) 

Create a Tailscale account, and create your 
first tailnet. In Tailscale’s lingo, a tailnet is 
your own private peer-to-peer mesh 
network that lets your devices interact with 
each other. 

Click on the Tailscale icon in your menu
bar on macOS or in the taskbar on
Windows. Turn on Tailscale, and then head
to the “Exit nodes” menu. Click on “Run
exit node ...”

Now, you can install Tailscale on your
personal devices that you're traveling with,
such as your laptop or your phone. Install
Tailscale, then log into your account. You'll
see your computer running at home in the
list of devices in your private network.
Once again, go to the “Exit nodes” section.
This time, choose your home computer as
your exit node. That's it! When your
devices use your home computer as
their exit nodes, all internet traffic passes
through that exit node.

Tailscale's role is to manage the
coordination server that makes this VPN
connection possible. This coordination
server is responsible for distributing the
public keys to all your devices in your
Tailscale network so that they can securely
communicate with each other. Tailscale
doesn't route traffic through its
coordination servers.

As for private keys, they remain on your 
devices at all times. Without those private 
keys, there is no way for anyone else — 
including Tailscale — to decrypt the data 
that flows through your VPN tunnel. With 
this setup, you get all the benefits of an 
encrypted VPN connection without having 
to manually generate, distribute, and 
handle your public keys. 

The result is that even if you're thousands 
of miles away on a very restricted Wi-Fi 
network, you can browse the web as if you 
were located at home. 

At this point you might think, “This is great,
but I don't want to keep a computer
running 24/7.” The good news is that
Tailscale lets you turn an Apple TV into an
exit node. As the Apple TV is designed to
be constantly running so that it can be
switched on and used at any time, your
exit node will also be constantly
available. If you're not an Apple TV user,
you may have an Android-based set-top
box or an old Android phone in a drawer.
Tailscale lets you run an exit node on an
Android device, too.



The exit node sub-menu in Tailscale's
client on macOS (left) and Windows
(right). Image Credits: TechCrunch
(screenshots)


Medium: Install Tailscale on a Raspberry Pi

If your modem or router is in a peculiar
spot, you may want to build yourself a
dedicated Tailscale device and plug it into
your router with an Ethernet cable.

In that case, you could buy a Raspberry Pi, 
a tiny, cheap, single-board micro-computer. 
We recommend a Raspberry Pi 4 or 
Raspberry Pi 5, as these models have a 
Gigabit Ethernet port. If you have a fiber 
connection at home, you'll be able to get 
faster speeds with that Gigabit Ethernet 
port when you switch on the VPN 
connection. 

You can flash a microSD card with
Raspberry Pi Desktop, the operating
system specifically designed for these
computers. You'll also need a USB
keyboard and mouse, as well as a
micro-HDMI-to-HDMI cable to set up the
Raspberry Pi.

After that, you can plug your Raspberry Pi
into a computer display or a TV and turn it
on. You'll have to open the terminal and
run a few commands that are detailed
on Tailscale's website to install and run
Tailscale.

You also need to enable IP forwarding with
the following three commands on
Raspberry Pi OS:

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

After the last command, run the following 
command: 

sudo tailscale up --advertise-exit-node 

And this completes turning this Raspberry 
Pi into a Tailscale exit node. 

You can now install Tailscale on your 
personal devices that you're traveling with, 
and use the Raspberry Pi as your exit node. 
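
The forwarding commands above append a new line to /etc/sysctl.conf every time they are run. The following script is an added example, not code from the article or from Tailscale: it sets the same two keys idempotently and reports whether the running kernel is actually forwarding. The function names and the optional PROC_ROOT argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: the IP-forwarding step, made idempotent.
# Function names and the PROC_ROOT override are assumptions for illustration.

# The two kernel settings the article turns on.
FWD_KEYS="net.ipv4.ip_forward net.ipv6.conf.all.forwarding"

# ensure_forwarding FILE
# Leave exactly one active "key = 1" line per key in FILE: drop any existing
# assignment (duplicate or conflicting), then append the wanted value.
# Commented-out defaults and unrelated keys are left untouched.
ensure_forwarding() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    for key in $FWD_KEYS; do
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for grep
        tmp=$(mktemp) || return 1
        grep -Ev "^[[:space:]]*${pat}[[:space:]]*=" "$conf" > "$tmp" \
            || [ "$?" -eq 1 ] || return 1              # status 1 = nothing kept
        printf '%s = 1\n' "$key" >> "$tmp"
        cat "$tmp" > "$conf" && rm -f "$tmp"           # keeps owner and mode
    done
}

# forwarding_state [PROC_ROOT]
# Print "on" only if the running kernel forwards both IPv4 and IPv6.
forwarding_state() {
    root=${1:-/proc/sys}
    v4=$(cat "$root/net/ipv4/ip_forward" 2>/dev/null) || v4=0
    v6=$(cat "$root/net/ipv6/conf/all/forwarding" 2>/dev/null) || v6=0
    if [ "$v4" = 1 ] && [ "$v6" = 1 ]; then echo on; else echo off; fi
}

# Run as root with the sysctl file as the only argument, e.g. /etc/sysctl.conf:
# rewrite the file, load it, then report the live state.
if [ "$#" -eq 1 ]; then
    ensure_forwarding "$1" && sysctl -p "$1" >/dev/null && forwarding_state
fi
```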


A Raspberry Pi 5. Image Credits: Romain Dillet / TechCrunch

If you like this setup and you're
comfortable in the terminal, you can follow
the same instructions with Raspberry Pi
OS Lite, the operating system for the
Raspberry Pi that doesn't have a traditional
desktop interface.

You can also follow the same instructions
to create your own VPN server in a data
center near you. Many companies, such as
DigitalOcean, Vultr, Linode, Scaleway,
Hetzner Cloud, and OVHcloud, offer cheap
virtual servers for around $5 per month.


After creating a server with one of those 
cloud hosting companies, boot up a server 
and use their web console to install 
Tailscale. You can also log in using SSH, 
commonly used for remote access, from 
your own terminal. 


Tailscale’s iPhone app with the ability
to select an exit node at the top. Image
Credits: Romain Dillet / TechCrunch


Advanced: Tailscale on Fly.io or WireGuard on a VPS

At this point, you may find that setting up
your own encrypted VPN server and
routing all your internet traffic through that
server isn't that difficult. So, you can get
creative with your setup.

For instance, developer Patrick Recher has 
built a global network of Tailscale exit 
nodes on Fly.io, a cloud-hosting company 
that lets you create virtual machines on 
the fly based on a configuration file. 
Recher can add a server in a new region 
with a single command line. And when he's 
done, he stops the virtual machine and 
destroys it. You can find out more in 
Recher's GitHub repository. 

If you don't want to rely on Tailscale to
coordinate your peer-to-peer network, you
could install and configure WireGuard
directly. There are several
tutorials around the web that will guide
you through the WireGuard setup process.
Setting up WireGuard is not that
complicated, and you'll learn a few things
along the way.
